feat: provide output config options [#5]
boostvolt committed Nov 22, 2023
1 parent eab6138 commit a9a6ffc
Showing 3 changed files with 58 additions and 35 deletions.
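--- a/README.md
+++ b/README.md
@@ -33,14 +33,17 @@ export default defineConfig({
 
 ### Options
 
-| Name | Default | Description |
-| ------------------- | ------------- | ---------------------------------------------------------- |
-| `specVersion` | `1.5` | The CycloneDX specification version to use |
-| `rootComponentType` | `application` | The root component type, can be `library` or `application` |
-| `outDir` | `cyclonedx` | The output directory where the BOM file will be saved. |
-| `saveTimestamp` | `true` | Whether to save the timestamp in the BOM metadata. |
-| `autodetect` | `true` | Whether to get the root package registered automatically. |
-| `generateSerial` | `false` | Whether to generate a serial number for the BOM. |
+| Name | Default | Description |
+| ------------------- | ----------------- | ---------------------------------------------------------- |
+| `specVersion` | `1.5` | The CycloneDX specification version to use |
+| `rootComponentType` | `application` | The root component type, can be `library` or `application` |
+| `outDir` | `cyclonedx` | The output directory where the BOM file will be saved. |
+| `outFilename` | `bom` | The base filename for the SBOM files. |
+| `outFormats` | `['json', 'xml']` | The formats to output. Can be any of `json` and `xml`. |
+| `saveTimestamp` | `true` | Whether to save the timestamp in the BOM metadata. |
+| `autodetect` | `true` | Whether to get the root package registered automatically. |
+| `generateSerial` | `false` | Whether to generate a serial number for the BOM. |
+| `includeWellKnown` | `true` | Whether to generate a SBOM in the `well-known` directory. |
 
 ## Contributors
 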
57 changes: 31 additions & 26 deletions src/index.ts
@@ -95,35 +95,40 @@ export default function rollupPluginSbom(userOptions?: RollupPluginSbomOptions):
* Finalize the SBOM and emit files
*/
generateBundle() {
this.emitFile({
type: "asset",
fileName: join(options.outDir, "bom.json"),
needsCodeReference: false,
source: jsonSerializer.serialize(bom, {
sortLists: false,
space: "\t",
}),
});
const formatMap: Record<string, CDX.Serialize.BaseSerializer<any>> = {
json: jsonSerializer,
xml: xmlSerializer,
};

options.outFormats.forEach((format) => {
if (!formatMap[format]) {
throw new Error(`Unsupported format: ${format}`);
}

this.emitFile({
type: "asset",
fileName: join(options.outDir, ".well-known/sbom"),
needsCodeReference: false,
source: jsonSerializer.serialize(bom, {
sortLists: false,
space: "\t",
}),
// serialize the BOM and emit the file
this.emitFile({
type: "asset",
fileName: join(options.outDir, `${options.outFilename}.${format}`),
needsCodeReference: false,
source: formatMap[format].serialize(bom, {
sortLists: false,
space: "\t",
}),
});
});

this.emitFile({
type: "asset",
fileName: join(options.outDir, "bom.xml"),
needsCodeReference: false,
source: xmlSerializer.serialize(bom, {
sortLists: false,
space: "\t",
}),
});
// emit the .well-known/sbom file
if (options.includeWellKnown) {
this.emitFile({
type: "asset",
fileName: ".well-known/sbom",
needsCodeReference: false,
source: jsonSerializer.serialize(bom, {
sortLists: false,
space: "\t",
}),
});
}
},
} satisfies Plugin;
}
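Review bot: The `!formatMap[format]` guard inside the `forEach` resolves the key through the prototype chain, so an `outFormats` entry such as `constructor` or `toString` passes the check and then fails on `.serialize` with a TypeError instead of the intended `Unsupported format` error. Testing own keys only, `if (!Object.hasOwn(formatMap, format)) {`, or holding the serializers in a `Map`, closes that gap. The `.well-known/sbom` asset is always produced with `jsonSerializer`, even when `json` is absent from `outFormats`, and its path no longer goes through `join(options.outDir, …)`, so it appears to land at the output root. If that is intended, a comment such as `// always JSON, emitted at the bundle root regardless of outDir/outFormats` would make it explicit, since this file publishes the full dependency list by default. `rollupPluginSbom` begins outside this hunk, so option merging and any earlier validation are not visible here.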
17 changes: 16 additions & 1 deletion src/options.ts
@@ -15,6 +15,14 @@ export interface RollupPluginSbomOptions {
* uses the internal file emitter to write files.
*/
outDir?: string;
/**
* The base filename for the SBOM files, defaults to 'bom'
*/
outFilename?: string;
/**
* The formats to output, defaults to ['json', 'xml']
*/
outFormats?: string[];
/**
* If you want to save the timestamp of the generation, defaults to `true`
*/
@@ -25,16 +33,23 @@ export interface RollupPluginSbomOptions {
*/
autodetect?: boolean;
/**
* If the tool should add a random serial number for the application, defaults to `false`
* Whether to generate a serial number for the BOM. Defaults to `false`.
*/
generateSerial?: boolean;
/**
* Whether to generate a SBOM in the `.well-known` directory. Defaults to `true`.
*/
includeWellKnown?: boolean;
}

export const DEFAULT_OPTIONS: Required<RollupPluginSbomOptions> = {
specVersion: Spec.Version.v1dot5,
rootComponentType: Enums.ComponentType.Application,
outDir: "cyclonedx",
outFilename: "bom",
outFormats: ["json", "xml"],
saveTimestamp: true,
autodetect: true,
generateSerial: false,
includeWellKnown: true,
};
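Review bot: `outFormats?: string[]` accepts any string, so a typo is caught only at bundle time by the runtime check in src/index.ts; declaring it as `outFormats?: ("json" | "xml")[];` lets the compiler reject unsupported values. `outFilename` is interpolated into the emitted asset path in src/index.ts, so its doc comment should say it is a bare name, for example `The base filename (no directory, no extension) for the SBOM files, defaults to 'bom'`. The `includeWellKnown` comment could also state that the file is written as JSON to `.well-known/sbom`, independent of `outDir` and `outFormats`, which is what the new code in src/index.ts does. The `RollupPluginSbomOptions` interface starts above the first hunk, so its earlier members are not visible here.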
